Support Bouncycastle security in DBeaver core

Running

	DBeaver 5.1.1
	MariaDB 10.3.8/dev
	MariaDB Connector/J 2.2.5

on linux/64

Setting up a new DBeaver -> MariaDB connection,

	Create new connection > MySQL connection settings > MariaDB connection settings > General

works; on Test Connection,

	2018-07-01 09:42:54.112 - Connect with 'jdbc:mysql://test2.loc:3306/mysql' (mariaDB-85645c0fd22-8fbdded9d6ec1ee2)
	2018-07-01 09:42:54.505 - Connected (mariaDB-85645c0fd22-8fbdded9d6ec1ee2, MariaDB connector/J [2.2.5])
	2018-07-01 09:42:54.557 - Disconnected (mariaDB-85645c0fd22-8fbdded9d6ec1ee2)

Then, ‘Next’, and setting up for SSL

	Create new connection > Network > SSL

with config

	[X] Use SSL

	Certificates
	 CA certificate:      /opt/myCA/intermediate/certs/myCA.crt.pem
	 SSL certificate:     /opt/myCA/client/certs/myClient.client.crt.pem
	 SSL certificate key: /opt/myCA/client/private/myClient.client.privkey.pk8
	 Cipher suites (optional): ECDHE-ECDSA-CHACHA20-POLY1305

	Advanced
	 Require SSL:                [X]
	 Verify server certificate:  [X]
	 Allow public key retrieval: [ ]

Where,

	openssl x509 -in /opt/myCA/client/certs/myClient.client.crt.pem -noout -text
		Certificate:
		    Data:
		        Version: 3 (0x2)
		        Serial Number: 4128 (0x1020)
		    Signature Algorithm: ecdsa-with-SHA256
		        ...
		        X509v3 extensions:
		            X509v3 Basic Constraints: 
		                CA:FALSE
		            Netscape Cert Type: 
		                SSL Client, S/MIME
		            ...
		            X509v3 Key Usage: critical
		                Digital Signature, Non Repudiation, Key Encipherment
		            X509v3 Extended Key Usage:
		                TLS Web Client Authentication, E-mail Protection
		            ...

and pkcs8 private key conversion via

	openssl pkcs8 \
	 -v2 aes256 \
	 -topk8 \
	 -nocrypt \
	 -inform PEM \
	 -outform DER \
	 -in  /opt/myCA/client/private/myClient.client.privkey.pem \
	 -out /opt/myCA/client/private/myClient.client.privkey.pk8

On “Test Connection …” I get this error detail

	Error adding certificate to keystore
	 Not supported format of a private key
	 Not supported format of a private key

and in log

	2018-07-01 09:46:32.019 - Connect with 'jdbc:mysql://test2.loc:3306/mysql' (mariaDB-85645c0fd22-8fbdded9d6ec1ee2)
	2018-07-01 09:46:32.021 - Connection failed (mariaDB-85645c0fd22-8fbdded9d6ec1ee2)
	2018-07-01 09:46:32.021 - org.jkiss.dbeaver.model.exec.DBCException: Error configuring SSL certificates
	org.jkiss.dbeaver.model.exec.DBCException: Error configuring SSL certificates
	        at org.jkiss.dbeaver.ext.mysql.model.MySQLDataSource.getInternalConnectionProperties(MySQLDataSource.java:98)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.getAllConnectionProperties(JDBCDataSource.java:196)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.openConnection(JDBCDataSource.java:130)
	        at org.jkiss.dbeaver.ext.mysql.model.MySQLDataSource.openConnection(MySQLDataSource.java:384)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCExecutionContext.connect(JDBCExecutionContext.java:79)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.initializeMainContext(JDBCDataSource.java:113)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.<init>(JDBCDataSource.java:107)
	        at org.jkiss.dbeaver.model.impl.jdbc.JDBCDataSource.<init>(JDBCDataSource.java:96)
	        at org.jkiss.dbeaver.ext.mysql.model.MySQLDataSource.<init>(MySQLDataSource.java:84)
	        at org.jkiss.dbeaver.ext.mysql.MySQLDataSourceProvider.openDataSource(MySQLDataSourceProvider.java:123)
	        at org.jkiss.dbeaver.registry.DataSourceDescriptor.connect(DataSourceDescriptor.java:752)
	        at org.jkiss.dbeaver.runtime.jobs.ConnectJob.run(ConnectJob.java:70)
	        at org.jkiss.dbeaver.ui.dialogs.connection.ConnectionWizard$ConnectionTester.run(ConnectionWizard.java:216)
	        at org.jkiss.dbeaver.model.runtime.AbstractJob.run(AbstractJob.java:95)
	        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56)
	Caused by: org.jkiss.dbeaver.DBException: Error adding certificate to keystore
	        at org.jkiss.dbeaver.model.impl.app.DefaultCertificateStorage.addCertificate(DefaultCertificateStorage.java:133)
	        at org.jkiss.dbeaver.ext.mysql.model.MySQLDataSource.initSSL(MySQLDataSource.java:136)
	        at org.jkiss.dbeaver.ext.mysql.model.MySQLDataSource.getInternalConnectionProperties(MySQLDataSource.java:96)
	        ... 14 more
	Caused by: java.security.GeneralSecurityException: Not supported format of a private key
	        at org.jkiss.dbeaver.model.impl.app.DefaultCertificateStorage.loadPrivateKeyFromPEM(DefaultCertificateStorage.java:188)
	        at org.jkiss.dbeaver.model.impl.app.DefaultCertificateStorage.addCertificate(DefaultCertificateStorage.java:127)
	        ... 16 more

What’s needed to get that pkcs8 key accepted/used? Other/add’l config? Or is this a bug?

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 22 (10 by maintainers)

Top GitHub Comments

2 reactions
serge-rider commented, Aug 25, 2018

@hal869 It means that bundle org.jkiss.bundle.bouncycastle is installed in DBeaver. E.g. by installing SSHJ extension by using “Install New Software” menu.

0 reactions
ghost commented, Aug 24, 2018

@serge-rider

> In 5.1.6 DBeaver will use BC security provider as default JCE. This will happen if BC bundle is installed.

To be clear, what will “installed” actually mean here?

Just -present- on the system, and (somehow) pointed to by DBeaver config?

Or actually enabled &/or prioritized in

$JAVA_HOME/jre/lib/security/java.security

?
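
As an added example (not part of the thread and not DBeaver's own code), the Java program below shows what the running JVM treats as installed: `Security.getProviders()` returns the registered providers in preference order, whether they come from `java.security` or were added at runtime. It also checks which stock `KeyFactory` accepts an unencrypted PKCS#8 DER key; the class name, the algorithm list and the generated EC sample key are assumptions made for the example.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

public class Pkcs8ProviderCheck {
    // Assumption: these are the key types worth trying. A JCE KeyFactory is
    // selected by algorithm name, so a loader must try each candidate in turn.
    static final String[] ALGORITHMS = {"RSA", "EC", "DSA"};

    /** Returns the algorithm of the first KeyFactory that parses the DER bytes, or null. */
    static String detectAlgorithm(byte[] pkcs8Der) throws Exception {
        for (String alg : ALGORITHMS) {
            try {
                PrivateKey key = KeyFactory.getInstance(alg)
                        .generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der));
                return key.getAlgorithm();
            } catch (InvalidKeySpecException wrongAlgorithm) {
                // This factory cannot parse the key; try the next one.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Providers as the JVM consults them: index 0 has the highest priority.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d. %s%n", i + 1, providers[i].getName());
        }
        // "BC" is the name under which the Bouncy Castle provider registers itself.
        System.out.println("BC registered: " + (Security.getProvider("BC") != null));

        byte[] der;
        if (args.length > 0) {
            der = Files.readAllBytes(Paths.get(args[0]));  // e.g. a .pk8 file
        } else {
            // Constructed sample: a fresh P-256 key; getEncoded() is PKCS#8 DER.
            KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
            gen.initialize(256);
            der = gen.generateKeyPair().getPrivate().getEncoded();
        }
        String alg = detectAlgorithm(der);
        System.out.println(alg == null ? "No KeyFactory accepted the key"
                                       : "Parsed as " + alg + " private key");
    }
}
```

Pass the path of a `.pk8` file as the first argument to check a real key instead of the generated sample.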
